[Snort-devel] Trying to get SNMP traps from Snort

Robert D. Hughes rob at ...825...
Tue Oct 2 06:05:04 EDT 2001


Chris,
 
Thanks! You were correct in that I saw the error message. My only other
question is that I was using that to cause the alert file to be created.
Is there a way that I can still get that file via snort.conf? I don't
seem to see anything about it there. I use to to upload to ARIS. If not,
ARIS now has a xml upload function, so I can use that, but it was nice
having an easily human readable file on the local machine.
 
Thanks,
Rob

-----Original Message-----
From: Chris Green [mailto:cmg at ...81...]
Sent: Tuesday, October 02, 2001 7:28 AM
To: Robert D. Hughes
Cc: snort-devel at lists.sourceforge.net
Subject: Re: [Snort-devel] Trying to get SNMP traps from Snort



"Robert D. Hughes" <rob at ...825...> writes:

> 1.  (*) text/plain          ( ) text/html          
>
> Chris,
> 
> Thanks. I've been able to send traps from the command line to my
> management console, but have not snort been able to get traps to the
> management console from snort. This was a basic test to make sure
> snmptrap functioned and that nothing was blocking the port. Here's the
> script I use to start snort (its mailly unedited to avoid removing
> something important, so I apologize for its length):

Length is fine - try running
/bin/snort -A FULL -c /usr/local/etc/snort/snort.conf -deX -i dc0 -z \
     all

( without the -D switch )

I think you will see a warning about "command line options overriding
config file logging"


Then try running without the -A FULL and instead only use logging
options in the config file.
--
Chris Green <cmg at ...81...>
"Yeah, but you're taking the universe out of context."


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20011002/2c67161d/attachment.html>


More information about the Snort-devel mailing list